Bhasker C V wrote: > Hi, > > > Could someone help me please on how do I go about migrating data of mine > from old SSL encryption > > For instance > > > OPENSSL 1.1 (on a old system) > > $ echo hai | openssl bf-cbc -md md5 > hello.txt > > and then in > > OPENSSL 3 > > $ cat hello.txt | openssl bf-cbc -md md5 -d -provider legacy > enter BF-CBC decryption password: > *** WARNING : deprecated key derivation used. > Using -iter or -pbkdf2 would be better. > EVP_BytesToKey failed > 40D7C740377F0000:error:0308010C:digital envelope > routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:373:Global > default library context, Algorithm (MD5 : 100), Properties () > 40D7C740377F0000:error:03000086:digital envelope > routines:evp_md_init_internal:initialization > error:../crypto/evp/digest.c:252: > > > Is there anything else missing other than -provider legacy for decrypting > such files ? I am guessing the MD5 is not compatible with legacy provider. > > I have tried fips, base, legacy
I recommend two things: First, use openssl 1.1 to decrypt your files. Once you have the plaintext, you can re-encrypt them as you see fit. Second, don't use openssl 3 yet. It's still the season of frequent CVEs. -dsr-
